Service and maintenance solutions for programmable and/or reconfigurable modules included in communication network nodes

ABSTRACT

The present invention relates to service and maintenance solutions for programmable and/or reconfigurable modules (CM 1 , . . . , CM n ), which are included in the nodes of a communications network ( 140 ). The module (CM 1 ) contains a first digital storage unit (M 1 ), which holds information pertaining to the accomplishment of a primary function of the module. A secondary function of the module involves control of the primary function. The module has an optical bi-directional interface (I w ) towards the first digital storage unit. Data in the first digital storage unit may be read out (D 0 ) and may also be updated (D i ) by the portable software carrier unit via the optical bi-directional interface. Data read-out as well as data updating may be accomplished independently of the primary function. Preferably, an access module (A) controls the bi-directional interface in response to an authorization signal (SA) from an authorization unit ( 120, 121, 122, 123 ).

THE BACKGROUND OF THE INVENTION AND PRIOR ART

The present invention relates generally to service and maintenancesolutions for programmable and/or reconfigurable modules, which areincluded in nodes of a communications network. More particularly theinvention relates to a communication module according to the preamble ofclaim 1 and a method of communicating with such a module according toclaim 15. The term communication module is here understood to designatearbitrary type of unit, which is adapted to exchange information with atleast one other unit over a communications network. The communicationmodule may thus be a line card or an optoelectrical transceiver in aswitch or a router as well as a general-purpose computer with networkingcapabilities.

Data communication equipment such as switches, routers, etc. have untilrecently had limited maintenance functionality. With today's highcapacity networks however, maintenance and reliability are of growingimportance. For instance, so-called carrier class services are offeredalso in data networks. These higher service levels have become costefficient by use of new technology and methods applied to everythingfrom components to system architecture. An important contribution to theimproved reliability and availability comes from surveillance andmaintenance functions in combination with modular system architecturesthat are reconfigurable during operation. There are two main conceptsfor handling maintenance and control communication between managed partsof the system and the management software. Either the management isaccomplished by means of physically separated channels or the managementsystem uses integrated virtual channels, which share the same medium asthe payload traffic. The present invention may be used both in networkshaving physically separated management channels and in networks withintegrated virtual channels.

A fair amount of maintenance operations may generally be performedwithout manual intervention. However, addition, removal and replacementof hardware require manual operations. This is normally also true forsoftware and firmware upgrades. Typically, there is an operatorinterface towards each node in a communications network. This interfaceallows an operator to supervise and control various functions in thenodes. The operator interface can be handled via a management computer.Depending on network architecture and the node design (which may have amodular structure), the management computer is either located in acentralized location or connected at one or more suitable points in adistributed system.

Management software often has both fully automatic and various forms ofoperator assisted operation modes. In its simplest form the managementsoftware provides a user-interface for the operator's access toinformation and control of the system. The earlier generations ofmanagement systems for modular systems typically had a majority of theirfunctionality located in a centralized management controller. Anyremovable modules in a node of a network of this type could hence onlyperform relatively simple management tasks, such as responding to statusrequests and actuating simple operating mode commands. Today however,the removable modules are generally equipped with much more management,surveillance and debug functions which may be autonomous to a higherdegree. Furthermore, some removable modules may be programmed andconfigured by loading new software or firmware.

The prior art includes many examples of solutions for remote control ofthe nodes in a network. For instance, European patent application No. 1043 868 describes an optoelectronic network interface device, whichallows reconfiguration of ports in a local area network (LAN) inresponse to a control signal from a LAN-administrator, a network controlcenter or being automated via dynamic network reconfiguration software.

European patent application No. 0 917 077 discloses a solution forwireless remote synchronization of data between a personal computer (PC)and a personal digital assistant (PDA). According to the document, datafiles may be automatically updated through a paging or a cellulardigital packet data network, both in the PC and in the PDA.

However, the known distributed management functions for communicationsnetworks which include modular nodes may be limited by an insufficientcapability of the host system management functionality, which results inthat only a subset of the potentially available module functions are, infact, available on the system level. Limitations of this kind could bedue to the fact that the removable modules, although they have astandardized interface and standardized physical dimensions, showconsiderable differences in management handling properties.

Moreover, there may be limitations with respect to the physical access.For example, a large and physically distributed communications networkwith centralized management functionality may have modular nodes, whichare located in areas where the access to the management system isseverely restricted, or perhaps even non-existent. Naturally, this maycause problems when performing debug and repair operations that requireoperator access to both the management system and the module beingdiagnosed.

SUMMARY OF THE INVENTION

An object of the present invention is therefore to provide a solutionfor maintenance communication and software updating that alleviates theproblems above and thus offers unrestricted access to the functionalityof the communication module management irrespective of the specificcapabilities of the node to which a relevant communication module isconnected and to what degree the management system is accessible fromthis node.

According to one aspect of the invention this object is achieved by acommunication module as described initially, which is characterized inthat the bi-directional interface includes at least one opticalinterface and is adapted to provide a local wireless access to the firstdigital storage unit. The local wireless access is providedindependently of the communication module primary function.

One important advantage accomplished by this design is that the modulebecomes readily accessible to a support operator, and at the same time,the measures performed with respect to the module can be carried outwithout influencing the operation of the relevant module. The design isalso advantageous with respect to security aspects, since the at leastone optical interface requires a physical access to the room in whichthe node is located in order to manipulate the communication module.Moreover, it is often necessary to open at least one equipment door toactually access the optical interface. Thus, the risk of unauthorizedmanipulation may be held relatively low.

Other advantages accomplished by the proposed design are related toelectromagnetic interference requirements. A communication node, such asan optical transceiver, is normally placed inside an electromagneticshielded cabinet in order to protect the units therein from interferencewith external radio signals. Such shielding typically renders analternative wireless access impossible, for instance by means of a radiointerface.

Furthermore, a radio interface may be inappropriate because applicablemechanical/physical restrictions on the communication node may not offersufficient room for any antennas.

According to another preferred embodiment of this aspect of theinvention, the bi-directional interface is adapted to allow read-out ofdata from the first digital storage unit. Thus, status reports withrespect to the primary function may be generated and exported via thebi-directional interface. Preferably, the first digital storage unitcontains a first register, which includes status data with respect tothe primary function. Moreover, the bi-directional interface is adaptedto receive a request for status information and transmit a status reporton basis of the request. The status report includes data from the firstregister, which pertains to at least one parameter of the primaryfunction.

According to another preferred embodiment of this aspect of theinvention, the bi-directional interface is adapted to allow updating ofthe contents of the first digital storage unit. Thereby, the primaryfunction may conveniently be modified by means of software code,firmware code and/or control commands. Preferably, the first digitalstorage unit includes a second normally volatile register, which isadapted to store information pertaining to accomplishment of the primaryfunction. The bi-directional interface is adapted to receive at leastone control command. Furthermore, the module is adapted to alter atleast one parameter in the second register pertaining to theaccomplishment of the primary function on basis of the at least onecontrol command.

According to another preferred embodiment of this aspect of theinvention, the first digital storage unit includes a non-volatile thirdregister, which is adapted to store information pertaining to theaccomplishment of the primary function. Moreover, the module contains asecond digital storage unit, which is adapted to temporarily storeupdating information pertaining to the accomplishment of the primaryfunction. The bi-directional interface is adapted to receive at leastone piece of information pertaining to accomplishment of the primaryfunction. Additionally, the module is adapted to store the at least onepiece of information in the second digital storage unit. This makes itpossible to alter the contents of the third register on basis of the atleast one piece of information in the second digital storage unit afterreset of the module. Consequently, software and firmware upgrades forthe primary function may conveniently be achieved via the bi-directionalinterface.

According to another preferred embodiment of this aspect of theinvention, the bi-directional interface contains at least one opticalinterface, for example adapted to communicate in the infrared wavelengthrange. Such interface is advantageous because it provides anuncomplicated data transmission while minimizing the risk ofunintentional interference with signals that are handled by other units.

According to another preferred embodiment of this aspect of theinvention, the communication module includes an access module, which isadapted to allow access to the first digital storage unit via thebi-directional interface. The access module is controllable via anauthorization unit; such that it blocks access to the first digitalstorage unit via the bi-directional interface at least until anauthorization signal has been generated for the removable communicationmodule by the authorization unit. An advantage attained thereby is thatunauthorized access to the module via the bi-directional interface isprevented.

According to yet another preferred embodiment of this aspect of theinvention, the access module contains an authentication sub-unit, whichis adapted to receive a pass phrase from a portable software carrierunit via the bi-directional interface. The access module blocks accessto the first digital storage unit via the bi-directional interface atleast until an acceptable pass phrase has been received. Thus, anadvantage attained is that unauthorized access to the module is furtherprevented.

According to still another preferred embodiment of this aspect of theinvention, the authorization signal includes an address field, whichdesignates a specific module position within the node and/or theauthorization signal includes a unique identifier of a communicationmodule. Thus, an identification unit in the communication module mayindicate an active data transmission state upon reception of anauthorization signal that designates the module. This is desirablebecause it facilitates location of the relevant module, and forinstance, guides the operator when aiming the software carrier unit'sinterface towards the communication module. More important, however, isthat the authorization signal ensures activation of the desired moduleonly.

According to a preferred embodiment of this aspect of the invention, theidentification unit includes a first optical indicator, which indicatesthat the bi-directional interface is open for access to the firstdigital storage unit. Thus, the operator person may confirm that accessis granted and that he/she may proceed with the data transmissionprocess.

According to another aspect of the invention this object is achieved bya method of communicating with a communication module, which isremovably connected to a node in a communications network. The module ispresumed to be adapted to perform a primary function pertaining to anover-all operation of the module as well as a secondary function thatinvolves control of the primary function. The method involves thefollowing steps. First, an authorization signal is generated for theremovable communication module. This signal is then received in themodule. Subsequently, data is exchanged between the removablecommunication module and a portable software carrier unit via abi-directional optical interface. The data includes informationpertaining to accomplishment of the primary function and the exchangetakes place independently of the primary function.

Preferably, the authorization signal includes an address field whichdesignates a specific module position within the node and/or theauthorization signal includes a unique identifier of a specificcommunication module. Thereby, it is made certain that exclusively thedesired module is activated by the authorization signal.

According to another preferred embodiment of this aspect of theinvention, the method involves receiving a pass phrase in thecommunication module via the bi-directional wireless interface.Preferably, the pass phrase includes a static segment, a dynamic segmentand/or a cyclic redundancy checksum. In case the pass phrase includes adynamic segment, this is preferably calculated in the portable softwarecarrier unit and the authorization unit respectively, and access to thefirst digital storage unit is only granted if there is a match betweenthe results of these two calculations. The cyclic redundancy check-sumis based on data, which is used to update the contents of the digitalstorage. Consequently, by means of the cyclic redundancy checksum, theintegrity of the data transferred to the first digital storage unit canbe guaranteed.

According to another preferred embodiment of this aspect of theinvention, the method involves updating the contents of the firstdigital storage unit via the bi-directional interface. The updating mayrelate to volatile data, such as control commands, or relate tonon-volatile definitions of the primary functions in the form ofsoftware or firmware code. In the former case, the method preferablyinvolves receiving at least one control command via the bi-directionalinterface. Then, at least one parameter pertaining to accomplishment ofthe primary function is altered on basis of the at least one controlcommand. In the latter case, the method preferably involves thefollowing steps. First, at least one piece of information pertaining toaccomplishment of the primary function is received via thebi-directional interface. Then, this information is temporarily storedin a second digital storage unit. Subsequently, the communication moduleis reset. Finally, the content of the first digital storage is alteredon basis of the temporarily stored information.

According to another preferred embodiment of this aspect of theinvention, the method involves reading out data from the first digitalstorage unit via the bi-directional interface. Preferably, this isaccomplished by first receiving a request for status information via thebi-directional interface, and then transmitting a status report on basisof the request. The status report here includes data pertaining to atleast one parameter of the primary function.

Hence, the invention offers an efficient and reliable solution foraccomplishing any kind of software and firmware upgrading in arbitrarycommunications network that includes modular nodes, such as a fiberoptical network. Moreover, the invention provides a convenient means formonitoring the function of such nodes. The invention therefore grants acompetitive edge to the vast majority of today's data communicationsystems.

BRIEF DESCRIPTION OF THE DRAWINGS

The present invention is now to be explained more closely by means ofpreferred embodiments, which are disclosed as examples, and withreference to the attached drawings.

FIG. 1 shows a communication module in a node of a communicationsnetwork according to an embodiment of the present invention,

FIG. 2 illustrates, by means of a flow diagram, a method ofcommunicating with a communication module according to an embodiment ofthe invention,

FIG. 3 exemplifies, by means of a first sequence diagram, a datatransmission scenario between a portable software carrier unit and acommunication module according to an embodiment of the invention, and

FIG. 4 exemplifies, by means of second sequence diagram, a datatransmission scenario between a portable software carrier unit and acommunication module according to an embodiment of the invention.

DESCRIPTION OF PREFERRED EMBODIMENTS OF THE INVENTION

FIG. 1 shows a communication module CM₁, which is connected to a node110 of a communications network 140 according to an embodiment of thepresent invention. A central resource 120, such as a management systemserver, is also connected to the network 140. In addition to the moduleCM₁, the node 110 includes a plurality of similar communication modulesCM₂, . . . , CM_(n). Each module CM₁, . . . , CM_(n) is located at amodule position, which is identified by means of a unique address Adr#1,. . . , Adr#n. Typically, the node 110 also contains a variety of othertypes of units and modules (not shown). The communication module CM₁, inturn, contains a first sub-unit 140 including a first digital storageunit M1, a bi-directional wireless interface I_(w), a network interfaceI_(N), an access module A, a local authorization unit 123 and anidentification unit ID.

The first digital storage unit M1 is adapted to hold informationpertaining to accomplishment of a primary function of the communicationmodule CM₁, such as receiving incoming data traffic, performingswitching operations and transmitting outgoing data traffic. For thispurpose, the first digital storage unit M1 may contain software code,firmware code and/or control parameters. Furthermore, the contents ofthe first digital storage unit M1 may be modified (e.g. upgraded) D_(i)via the bi-directional wireless interface I_(w). Thus, the primaryfunction of the module CM₁ may be changed by altering the information inthe first digital storage unit M1.

The first digital storage unit M1 in turn contains a first register Mtr,which includes status data for the primary function. Thus, statusreports pertaining to parameters of the primary function may begenerated on basis of the contents of the first register Mtr. The firstdigital storage unit M1 also contains a second and volatile registerCtrl, which is adapted to store information pertaining to theaccomplishment of the module's CM₁ primary function. Thus, parameters inthe second register Ctrl, which pertain to the primary function, may bealtered on basis of control commands entered via the bi-directionalinterface I_(w). Furthermore, the first digital storage unit M1 containsa third and non-volatile register Prg, which is adapted to storeinformation in the form of software and/or firmware that pertains to theaccomplishment of the primary function.

A second digital storage unit M2 in a second sub-unit 150 of the moduleCM₁ is adapted to temporarily store the information pertaining to theaccomplishment of the primary function, which is to be entered into theregister Prg. The content of the register Prg is altered after reset ofthe module CM₁, for instance in connection with a reboot or restartoperation.

The communication module CM₁ is designed such that it is possible tomodify the contents of the first digital storage unit M1 duringoperation of the module CM₁ according to the primary function.Additionally, it is possible to read out Do the contents of the firstdigital storage unit M1 via the bi-directional wireless interface I_(w),such that analysis and diagnosis operations can be performed for thecommunication module CM₁ independently of the primary function.

According to the invention, the bi-directional wireless interface I_(w)is adapted to provide a local wireless access to the first digitalstorage unit M1. In practice, this means that a portable softwarecarrier unit 130 (for instance in the form of a personal digitalassistant, a palmtop computer, a laptop computer or a mobile telephone)may wirelessly exchange information with the first digital storage unitM1. Preferably, the bi-directional wireless interface I_(w) includes atleast one optical interface, e.g. adapted for transmission of signals inthe infra red wavelength range. Thereby, the module CM₁ is capable ofcommunicating with the majority of portable software carriers currentlyon the market.

The access module A has a gate function and is adapted to allow accessto the first digital storage unit M1 via the bi-directional wirelessinterface I_(w). An authorization unit controls the access module A bymeans of an authorization signal S_(A). The authorization unit may beincluded in the central resource 120 and transmit the authorizationsignal S_(A) to the module CM₁ via the network interface INAlternatively, the authorization may be included in a first localresource 121, which is connected to the node 110 or the unit may beincluded in a second local resource 122 within the node 110. Optionally,the authorization unit may be included in a third local resource 123within the module CM₁ itself. Preferably, however not necessarily, theauthorization unit generates the authorization signal S_(A) in responseto an access request signal R_(A) from the portable software carrierunit 130. Typically, the access request signal R_(A) is processed in therelevant authorization unit, i.e. 120, 121, 122 or 123. Nevertheless,according to one embodiment of the invention and in case theauthorization unit is located in the first local resource 121, theaccess request signal R_(A) may be forwarded to the central resource 120for generation of the authorization signal S_(A).

Specifically, the gate function implies that the access module A blocksany access to the first digital storage unit M1 via the bi-directionalwireless interface I_(w) until an authorization signal S_(A) for therelevant module CM₁ has been received in the module CM₁. Theauthorization signal S_(A) may include an address field, whichdesignates a specific module position, e,g, Adr#1, within the node 110.Thus, the node 110 can relate a given authorization signal S_(A) to acertain module, say CM₁. As an alternative or a complement thereto, theauthorization signal S_(A) may include a unique identifier (e.g. aserial number) of a certain module, such as CM₁. Depending on theapplication, one or more further access conditions may need to befulfilled before access to the first digital storage unit M1 is actuallygranted. However, this will be discussed in further detail below, forinstance with reference to the FIGS. 3 and 4.

According to a preferred embodiment of the invention, the networkinterface IN is adapted to receive the authorization signal S_(A). It isalso preferable if the identification unit ID is adapted to indicate anactive data transmission state i_(ID), i.e. that an authorization signalS_(A) has been received for the module CM₁.

According to a preferred embodiment of the invention, the access moduleA within the communication module CM₁ in turn contains an authenticationsub-unit a, which is adapted to receive a pass phrase from a portablesoftware carrier unit 130 via the bi-directional wireless interfaceI_(w). The access module A may thereby block access to the first digitalstorage unit M1 via the bi-directional wireless interface I_(w), until(in addition to the authorization signal S_(A)) an acceptable passphrase has been received.

The pass phrase may very well be empty (or non-existent). Depending onany complementary security measures, the security levels for the passphrase may be varied. For instance, in case the node 110 is providedwith a relatively high degree of protection with respect to physicalaccess, the requirements on the pass phrase may be released. Howeverpreferably, the pass phrase at least includes a static segment, i.e. apredetermined, permanent sequence of characters (letters, numbers orsymbols). In addition, or as a complement, to the static segment, thepass phrase may include a dynamic segment, i.e. a sequence of characters(letters, numbers or symbols) which typically varies from one log-on toanother. The dynamic part of the pass phrase is calculated outside ofthe communications module CM₁ , preferably in the portable softwarecarrier unit 130 and the authorization unit respectively. Access to thefirst digital storage unit M1 is then only granted if there is a matchbetween the results of these two calculations. The pass phrase may alsoinclude a cyclic redundancy checksum (CRC). According to a preferredembodiment of the invention, the CRC is based on (i.e. calculated from)data D_(i), which is to update the contents of the digital storage M.Consequently, the integrity of the data transferred to the first digitalstorage unit can be guaranteed.

Given the various types of pass phrases above, different security levels(open, protected, closed, closed-confirm) may be defined with respect tothe accessibility to the first digital storage unit M1. A first securitylevel, open, implies that the contents of the first digital storage unitM1 is freely accessible for any kind of modification and read-out. It isworth mentioning though, that the first digital storage unit M1 may bedivided into different sectors, and preferably, the sectors pertainingto comparatively critical functions of the node 110 are allocated asecurity level above the first security level. A second security level,protected, implies that a static password is required in order to readout or store data in the first digital storage unit M1. This securitylevel may hence be used to safeguard against unintentional modificationsof the data therein. A third security level, closed, implies that both astatic password and a dynamic password are required to obtain access tothe first digital storage unit M1. Preferably, this security level isallocated to those sectors of the first digital storage unit M1 thatpertain to relatively central functions in the node 110, such as settingof control parameters and erasure of event logs. A fourth securitylevel, closed-confirm, implies that a valid combination of a staticpassword, a dynamic password and a CRC must be entered. This securitylevel is appropriate when performing software and/or firmware upgrades,since it ensures that only a specific set of data (e.g. that which hasbeen obtained from an authorized provider) can be stored into the firstdigital storage unit M1.

According to a preferred embodiment of the invention, the identificationunit ID includes a first optical indicator i_(D1), which indicateswhenever the bi-directional interface I_(w) is open for access to thefirst digital storage unit M1. For instance, a light emitting diode(LED) may thus inform a service operator that an acceptable pass phrasehas been entered. Moreover, it is preferable if the identification unitID contains a second optical indicator i_(D2), which indicates that dataD_(i) or D_(o) is being transmitted over the bi-directional wirelessinterface I_(w). The service operator may thereby obtain additionaluseful information, such as when a particular download has beencompleted.

Instead of providing a separate first optical indicator i_(D1) andsecond optical indicator i_(D2), these indicators may be combined into asingle optical indicator, which has two distinctive signaling behaviors.Moreover, this indicator is preferably adapted to indicate an activedata transmission state i_(ID) in response to an authorization signalhaving been received with respect to the communication module, i.e. athird distinctive signal.

A method of communicating with a communication module according to anembodiment of the invention will now be described with reference to FIG.2. A first step 210, investigates whether an authorization signal hasbeen generated with respect to a relevant communication module, and ifso the procedure continues to a step 220. Otherwise, the procedure loopsback and stays in the step 210. The step 220 starts a first timer havinga relatively long duration. The first timer has the function ofreleasing the access to the communication module, typically after acompleted data transfer, however also after a predetermined period ofinactivity. Next, a step 225 indicates an active data transmission statei_(ID), i.e. that an authorization signal has been generated for thecommunication module in question.

Subsequently, a step 230 investigates whether an acceptable pass phrasehas been received via the bi-directional interface, for example from aportable software carrier unit. As already mentioned, this step isoptional, which means that the pass phrase may be empty (see e.g. thefirst security level above). In case the condition checked in step 230is not fulfilled, a step 240 investigates whether the first timer hasexpired, and if so the procedure loops back to the step 210. Otherwise,the procedure stays in the step 230 to 240 loop until an acceptable passphrase is received or the first timer expires. In the first case, a step250 starts a second timer (having a relatively short duration). Thepurpose of the second timer is to limit the period between the entry ofa valid pass phrase and initiating data transmission. The second timeralso initiates the turn-off process for the bi-directional wirelessinterface after a completed data transmission. Next, a step 251activates an indication signal i_(D1) indicating that the bi-directionalwireless interface is open for access to the first digital storage unit.Afterwards, a step 252 restarts the first timer.

Following step 252, a step 260 investigates whether data is beingtransmitted over the interface, and if this is not the case, a step 270investigates whether the second timer has expired. An affirmative answerhere results in that the procedure loops back to the step 230, where theuser is prompted to re-enter a valid pass phrase. If, however, thequestion posed in step 260 is answered affirmative, a step 280 restartsthe second timer. Subsequently, a step 285 indicates that data iscurrently being transmitted, for instance via a particular LED-signal.Thereafter, the procedure returns to step 260 again.

According to alternative embodiments of the invention, two or more ofthe process steps described above may be executed in parallel or inmutually reversed order. Specifically, this is true with respect to thesub-sequences of steps 220 and 225, 250-252 respective 280 and 285.

Furthermore, all of the process steps, as well as any sub-sequence ofsteps, described with reference to the FIG. 2 above may be controlled bymeans of a computer program being directly loadable into the internalmemory of a computer, which includes appropriate software forcontrolling the necessary steps when the program is run on a computer.Furthermore, such computer programs can be recorded onto arbitrary kindof computer readable medium as well as be transmitted over arbitrarytype of network and transmission medium.

FIG. 3 exemplifies, by means of a first sequence diagram, a datatransmission scenario between a portable software carrier unit 130 and acommunication module CM₁ according to an embodiment of the invention.

First, an access request signal R_(A) is sent out by the portablesoftware carrier unit 130. This signal R_(A) is received by the node 110and forwarded to a relevant authorization unit 12 x. Provided that theaccess request signal R_(A) is accepted, an authorization signalSA(F_(Adr#1)) is generated with respect to the communication module CM₁.Here, an address field F_(Adr#1) in authorization signalS_(A)(F_(Adr#1)) designates a module position Adr#1 at which thecommunication module CM₁ is located within a particular node.

The module CM₁ then indicates i_(ID) an active data transmission state,for example by lightning a first LED in its identification unit ID. Aservice operator is prompted to enter a pass phrase PW(pw_(s)) via theportable software carrier unit 130. For example, the pass phrasePW(pw_(s)) includes a static segment pw_(s). However in the generalcase, the pass phrase PW(pw_(s)) is optional and may thus be left out.Subsequently, an open bi-directional wireless interface is indicatedi_(D1), for instance by lightning a second LED in the identificationunit ID. Next, data is transmitted. Here, the data is read out Do fromthe module's CM₁ first digital storage unit to the portable softwarecarrier unit 130. In parallel with this, an optical indicator i_(D2),such as a third LED in the identification unit ID, is activated.

FIG. 4 exemplifies, by means of second sequence diagram, another datatransmission scenario between the portable software carrier unit 130 anda communication module CM₁ according to an embodiment of the invention.

Again, an access request signal R_(A) is initially sent out by theportable software carrier unit 130. The access request signal R_(A) isreceived by the module CM₁ and forwarded to a relevant authorizationunit 12 x, external or internal. This unit 12 x then generates anauthorization signal S_(A)(ID₁), which designates ID₁ the module CM₁. Inresponse to the authorization signal S_(A)(ID₁), the module indicatesi_(ID) an active data transmission state.

Next, the service operator enters a pass phrase PW(p_(s), pw_(D), CRC),preferably via the portable software carrier 130. The pass phrasePW(pw_(s), pw_(D), CRC) includes a static segment pw_(s), a dynamicsegment pw_(D), and a cyclic redundancy checksum CRC. Then, an openbi-directional wireless interface is indicated i_(D1). Subsequently,data transmission may be initiated. In this case, data D_(i) istransmitted from the portable software carrier unit 130 and stored intothe module's CM₁ first digital storage unit. The ongoing data transferis indicated by means of an optical indicator i_(D2).

The term “comprises/comprising” when used in this specification is takento specify the presence of stated features, integers, steps orcomponents. However, the term does not preclude the presence or additionof one or more additional features, integers, steps or components orgroups thereof.

The invention is not restricted to the described embodiments in thefigures, but may be varied freely within the scope of the claims.

1. A communication module adapted to be removably connected to a node ina communications network, the module being adapted to perform a primaryfunction pertaining to an over-all operation of the module and asecondary function involving control of the primary function,comprising: a first digital storage unit adapted to hold informationpertaining to accomplishment of the primary function; and abi-directional interface towards the first digital storage unit, whereinthe bi-directional interface (I_(w)) comprises at least one opticalinterface and is adapted to provide a local wireless access to the firstdigital storage unit, the local wireless access being providedindependently of the primary function.
 2. A communication moduleaccording to claim 1, wherein the bi-directional interface is adapted toallow read out of data from the first digital storage unit.
 3. Acommunication module according to claim 1 wherein the bi-directionalinterface is adapted to allow updating of the contents of the firstdigital storage unit.
 4. A communication module according to claim 1wherein the first digital storage unit comprises a first registerincluding status data with respect to the primary function, and thebi-directional interface is adapted to: receive a request for statusinformation; and transmit a status report on basis of the request, thestatus report including data from the first register which pertains toat least one parameter of the primary function.
 5. A communicationmodule according to claim 3, wherein the first digital storage unitcomprises a second and volatile register adapted to store informationpertaining to the accomplishment of the primary function; and thebi-directional interface is adapted to receive at least one controlcommand, wherein the bi-directional interface is adapted to alter atleast one parameter in the second register pertaining to theaccomplishment of the primary function on basis of the at least onecontrol command.
 6. A communication module according to claim 3, whereinthe communication module comprises a second digital storage unit adaptedto temporarily store information pertaining to the accomplishment of theprimary function, the first digital storage unit comprises a third andnon-volatile register adapted to store information pertaining to theaccomplishment of the primary function, the bi-directional interface 4w)is adapted to receive at least one piece of information pertaining tothe accomplishment of the primary function, and the bi-directionalinterface is adapted to store the at least one piece of information inthe second digital storage unit.
 7. A communication module according toclaim 6, wherein the communication module is adapted to, after reset ofthe module, alter the contents of the third register on basis of the atleast one piece of information in the second digital storage unit.
 8. Acommunication module according to claim 1, wherein the communicationmodule comprises an access module adapted to allow access to the firstdigital storage unit via the bi-directional interface, the access modulebeing controllable via an authorization unit such that the access moduleblocks access to the first digital storage unit via the bi-directionalinterface at least until an authorization signal has been generated bythe authorization unit with respect to the module.
 9. A communicationmodule according to claim 8, wherein the access module comprises anauthorization sub-unit adapted to receive a pass phrase from a portablesoftware carrier unit via the bi-directional interface, the accessmodule blocking access to the first digital storage unit via thebi-directional interface at least until an acceptable pass phrase hasbeen received.
 10. A communication module according to claim 8, whereinthe authorization signal includes an address field which designates aspecific module position within the node.
 11. A communication moduleaccording to claim 8, wherein the authorization signal includes a uniqueidentifier of the module.
 12. A communication module according to claim10, wherein the communication module comprises an identification unitadapted to indicate an active data transmission state upon reception ofan authorization signal which designates the communication module.
 13. Acommunication module according to claim 12, wherein the identificationunit comprises a first optical indicator indicative of thebi-directional interface being open for access to the first digitalstorage unit.
 14. A communication module according to claim 12, whereinthe identification unit comprises a second optical indicator indicativeof data transmitted over the bi-directional interface.
 15. A method ofcommunicating with a communication module being removably connected to anode in a communications network, the module being adapted to perform aprimary function pertaining to an over-all operation of the module and asecondary function involving control of the primary function, the methodcomprising: generating an authorization signal for the module; receivingthe authorization signal in the module; and exchanging data between themodule and a portable software carrier unit via a bi-directional opticalinterface, the data including information pertaining to accomplishmentof the primary function and being exchanged independently of the primaryfunction.
 16. A method according to claim 15, wherein the authorizationsignal includes an address field which designates a specific moduleposition within the node.
 17. A method according to claim 15, whereinthe authorization signal includes a unique identifier of the module. 18.A method according to claim 15 further comprising receiving a passphrase in the communication module, the pass phrase being received viathe bi-directional optical interface.
 19. A method according to claim18, wherein the pass phrase including includes a static segment.
 20. Amethod according to claim 18 wherein the pass phrase including includesa dynamic segment, the method comprising calculating the dynamic segmentin the portable software carrier unit and a central resourcerespectively.
 21. A method according to claim 18 wherein the pass phraseincluding includes a cyclic redundancy checksum, the cyclic redundancychecksum being based on data which is to update the contents of thefirst digital storage.
 22. A method according to claim 15 furthercomprising by updating of the contents of the first digital storage unitvia the bi-directional interface.
 23. A method according to claim 22,further comprising: receiving at least one control command via thebi-directional interface; and altering at least one parameter pertainingto the accomplishment of the primary function on basis of the at leastone control command.
 24. A method according to claim 23 furthercomprising: receiving at least one piece of information pertaining tothe accomplishment of the primary function via the bi-directionalinterface; storing temporarily the at least one piece of information ina second digital storage unit; resetting the communication module; andaltering the contents of the first digital storage on basis of the atleast one piece of information.
 25. A method according to claim 15further comprising reading out data from the first digital storage unitvia the bi-directional interface.
 26. A method according to claim 25,further comprising: receiving a request for status information via thebi-directional interface; and transmitting a status report on basis ofthe request, the status report including data pertaining to at least oneparameter of the primary function.